Linked by Thom Holwerda on Fri 11th May 2018 18:36 UTC
Mozilla & Gecko clones

Continuing our past work, Firefox 60 brings further important improvements to security sandboxing on Linux, making it harder for attackers that find security bugs in the browser to escalate those into attacks against the rest of the system.

The most important change is that content processes - which render Web pages and execute JavaScript - are no longer allowed to directly connect to the Internet, or connect to most local services accessed with Unix-domain sockets (for example, PulseAudio).

This means that content processes have to follow any network access restrictions Firefox imposes - for example, if the browser has been set up to use a proxy server, connecting directly to the internet is no longer possible. But more important are the restrictions on connections to local services: they often assume that anything connecting to them has the full authority of the user running it, and either allow it to ask for arbitrary code to run, or aren't careful about preventing that. Normally that's not a security problem because the client could just run that code itself, but if it's a sandboxed Firefox process, that could have meant a sandbox escape.
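The restriction described in the excerpt, as an added example that is not from the linked article or from Firefox's code: a forked stand-in for a content process loses the ability to create or connect sockets, while a channel it inherited from its parent keeps working. It assumes Linux seccomp-bpf as the enforcement mechanism (the excerpt does not name one); the EACCES return code and the socket path are constructed for the demonstration.

```c
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <sys/un.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
/* Fail socket() and connect() with EACCES, allow everything else. Assumption:
   one syscall ABI; a production filter also checks seccomp_data.arch. */
static int deny_new_connections(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_socket, 1, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_connect, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EACCES),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Sandbox a forked stand-in "content process"; report its errno values to the parent. */
static int sandboxed_child_report(int report[2]) {
    struct sockaddr_un svc = { .sun_family = AF_UNIX, .sun_path = "/tmp/constructed.sock" };
    int sv[2], pre = socket(AF_UNIX, SOCK_STREAM, 0); /* fd from before sandboxing */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv)) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        int out[2] = { -1, -1 };                      /* -1: filter not installed */
        if (deny_new_connections() == 0) {
            out[0] = socket(AF_INET, SOCK_STREAM, 0) < 0 ? errno : 0;
            out[1] = connect(pre, (struct sockaddr *)&svc, sizeof svc) < 0 ? errno : 0;
        }
        _exit(write(sv[1], out, sizeof out) < 0);     /* inherited channel still works */
    }
    close(sv[1]);
    ssize_t n = read(sv[0], report, 2 * sizeof(int));
    close(sv[0]); close(pre); waitpid(pid, NULL, 0);
    return n == (ssize_t)(2 * sizeof(int)) ? 0 : -1;
}
int main(void) {
    int r[2];
    return sandboxed_child_report(r) || r[0] != EACCES || r[1] != EACCES;
}
```

Without the filter, the `connect()` call would reach the kernel's path lookup and fail with ENOENT; with it, the call is rejected before the address is examined, even on a socket opened before sandboxing.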

pulse pays off here
by tidux on Fri 11th May 2018 19:05 UTC

This is why the PulseAudio requirement happened. Raw ALSA didn't have an interface except directly speaking to libasound.so and the kernel. Using PulseAudio changes that to a protocol that can be routed through a non-content process.

Also, tabs in titlebar work now on most DEs and WMs.

Reply Score: 2